Merge "Serialize shutdown of pacemaker nodes"

openstack-archive · Jan 12, 2021 · 6246e5a · 6246e5a
2 parents 9fd7090 + cb55cc8
commit 6246e5a
Show file tree

Hide file tree

Showing 4 changed files with 161 additions and 2 deletions.
diff --git a/container_config_scripts/pacemaker_mutex_shutdown.sh b/container_config_scripts/pacemaker_mutex_shutdown.sh
@@ -0,0 +1,120 @@
+#!/bin/bash
+
+# pacemaker_mutex_shutdown.sh --acquire
+# pacemaker_mutex_shutdown.sh --release
+
+set -u
+
+usage() {
+    echo "Shutdown a cluster node in a coordinated way across the cluster"
+    echo "Usage:"
+    echo "   $0 --acquire # prevent other node from shutting down until we hold the lock"
+    echo "   $0 --release # release the lock, other node can compete for the shutdown lock"
+    echo
+}
+
+log() {
+    echo "$(date -u): $1"
+}
+
+error() {
+    echo "$(date -u): $1" 1>&2
+    exit 1
+}
+
+# Loop until we hold the lock. The lock has a TTL, so we're guaranteed to get it eventually
+shutdown_lock_acquire() {
+    local lockname=$1
+    local requester=$2
+    local ttl=$3
+    local rc=1
+    local current_owner
+    local owner_stopped
+    local owner_rc
+
+    log "Acquiring the shutdown lock"
+    while [ $rc -ne 0 ]; do
+        /var/lib/container-config-scripts/pacemaker_resource_lock.sh --acquire-once $lockname $requester $ttl
+        rc=$?
+        if [ $rc -ne 0 ]; then
+            if [ $rc -eq 2 ]; then
+                error "Could not acquire the shutdown lock due to unrecoverable error (rc: $rc), bailing out"
+            else
+                # The lock is held by another node.
+                current_owner=$(/var/lib/container-config-scripts/pacemaker_resource_lock.sh --owner $lockname)
+                owner_rc=$?
+                if [ $owner_rc -eq 2 ]; then
+                    error "Could not get the shutdown lock owner due to unrecoverable error (rc: $owner_rc), bailing out"
+                fi
+                if [ $owner_rc -eq 0 ]; then
+                    # If the owner is marked as offline, that means it has shutdown and
+                    # we can clean the lock preemptively and try to acquire it.
+                    owner_stopped=$(crm_mon -1X | xmllint --xpath 'count(//nodes/node[@name="'${current_owner}'" and @online="false" and @unclean="false"])' -)
+                    if [ "${owner_stopped}" = "1" ]; then
+                        log "Shutdown lock held by stopped node '${current_owner}', lock can be released"
+                        /var/lib/container-config-scripts/pacemaker_resource_lock.sh --release $lockname $current_owner
+                        continue
+                    fi
+                fi
+                log "Shutdown lock held by another node (rc: $rc), retrying"
+                sleep 10
+            fi
+        fi
+    done
+    log "Shutdown lock acquired"
+    return 0
+}
+
+
+# Release the lock if we still own it. Not owning it anymore is not fatal
+shutdown_lock_release() {
+    local lockname=$1
+    local requester=$2
+    local rc
+
+    log "Releasing the shutdown lock"
+    /var/lib/container-config-scripts/pacemaker_resource_lock.sh --release $lockname $requester
+    rc=$?
+    if [ $rc -ne 0 ]; then
+        if [ $rc -gt 1 ]; then
+            error "Could not release the shutdown lock due to unrecoverable error (rc: $rc), bailing out"
+        else
+            log "Shutdown lock no longer held, nothing to do"
+        fi
+    else
+        log "Shutdown lock released"
+    fi
+    return 0
+}
+
+
+ACTION=$1
+if [ -z "$ACTION" ]; then
+    error "Action must be specified"
+fi
+
+LOCK_NAME=tripleo-shutdown-lock
+LOCK_OWNER=$(crm_node -n 2>/dev/null)
+rc=$?
+if [ $rc -ne 0 ]; then
+    if [ $rc -eq 102 ]; then
+        log "Cluster is not running locally, no need to aquire the shutdown lock"
+        exit 0
+    else
+        error "Unexpected error while connecting to the cluster (rc: $rc), bailing out"
+    fi
+fi
+
+# We start with a very high TTL, that long enough to accomodate a cluster stop.
+# As soon as the node will get offline, the other competing node will be entitled
+# to steal the lock, so they should never wait that long in practice.
+LOCK_TTL=600
+
+
+case $ACTION in
+    --help) usage; exit 0;;
+    --acquire|-a) shutdown_lock_acquire ${LOCK_NAME} ${LOCK_OWNER} ${LOCK_TTL};;
+    --release|-r) shutdown_lock_release ${LOCK_NAME} ${LOCK_OWNER};;
+    *) error "Invalid action";;
+esac
+exit $?
diff --git a/container_config_scripts/pacemaker_resource_lock.sh b/container_config_scripts/pacemaker_resource_lock.sh
@@ -213,6 +213,29 @@ lock_release() {
 }
 
 
+# Retrieve the owner of a lock from the CIB
+# this is a read-only operation, so no need to log debug info
+lock_get_owner() {
+    local lockname=$1
+    local rc
+    local lock
+    local owner
+
+    lock=$(lock_get $lockname)
+    rc=$?
+    if [ $rc -ne 0 ] && [ $rc -ne $CIB_ENOTFOUND ]; then
+        return 2
+    fi
+
+    if [ -z "$lock" ]; then
+        return 1
+    else
+        lock_owner $lock
+        return 0
+    fi
+}
+
+
 ACTION=$1
 LOCKNAME=$2
 REQUESTER=$3
@@ -223,15 +246,22 @@ if [ -z "$ACTION" ]; then
 fi
 
 if [ $ACTION != "--help" ]; then
-    if [ -z "$LOCKNAME" ] || [ -z "$REQUESTER" ]; then
-        error "You must specific a lock name and a requester"
+    if [ -z "$LOCKNAME" ]; then
+        error "You must specific a lock name"
+    fi
+    if [ $ACTION != "--owner" ] && [ $ACTION != "-o" ]; then
+        if [ -z "$REQUESTER" ]; then
+            error "You must specific a lock requester"
+        fi
     fi
 fi
 
 case $ACTION in
     --help) usage; exit 0;;
     --acquire|-a) try_action lock_acquire $LOCKNAME $REQUESTER $TTL;;
     --release|-r) try_action lock_release $LOCKNAME $REQUESTER;;
+    --acquire-once|-A) lock_acquire $LOCKNAME $REQUESTER $TTL;;
+    --owner|-o) lock_get_owner $LOCKNAME;;
     *) error "Invalid action";;
 esac
 exit $?
diff --git a/deployment/containers-common.yaml b/deployment/containers-common.yaml
@@ -127,6 +127,9 @@ outputs:
       pacemaker_mutex_restart_bundle.sh:
         mode: "0755"
         content: { get_file: ../container_config_scripts/pacemaker_mutex_restart_bundle.sh }
+      pacemaker_mutex_shutdown.sh:
+        mode: "0755"
+        content: { get_file: ../container_config_scripts/pacemaker_mutex_shutdown.sh }
 
   volumes_base:
     description: Base volume list

diff --git a/deployment/pacemaker/pacemaker-baremetal-puppet.yaml b/deployment/pacemaker/pacemaker-baremetal-puppet.yaml
@@ -370,9 +370,15 @@ outputs:
                     echo "Could not retrieve and clear location constraint for VIP $v" 2>&1
                 fi
             done
+        - name: Acquire the cluster shutdown lock to stop pacemaker cluster
+          when: step|int == 1
+          command: systemd-cat -t ha-shutdown /var/lib/container-config-scripts/pacemaker_mutex_shutdown.sh --acquire
         - name: Stop pacemaker cluster
           when: step|int == 1
           pacemaker_cluster: state=offline
         - name: Start pacemaker cluster
           when: step|int == 4
           pacemaker_cluster: state=online
+        - name: Release the cluster shutdown lock
+          when: step|int == 4
+          command: systemd-cat -t ha-shutdown /var/lib/container-config-scripts/pacemaker_mutex_shutdown.sh --release